njrat | 7aca902f9e7493dbf4f53a4cd3a4a9e5858eb825ef0141bf2e30150b416a070e | Triage

Resubmissions

03-12-2024 20:12

241203-yy1zxasjbz 10

03-12-2024 20:03

241203-ysq8hs1pdz 10

Sharing

General

Target

Payload.exe
Size

55KB
Sample

241203-ysq8hs1pdz
MD5

29a02cd1fb2226905da5a34ac62595b9
SHA1

a0c85edb2b9decb53291485acd64f36dbf5a6999
SHA256

7aca902f9e7493dbf4f53a4cd3a4a9e5858eb825ef0141bf2e30150b416a070e
SHA512

2e3000bdf30fe332f2923563a5266ada0201473fa999382aeced2cbb09951179ed2e7278314b97e1852dc8e300cd182632481f508f65b4aa629beecdb14993b3
SSDEEP

1536:1KksDnHNwZ8Cam8LDdwsNMD2XExI3pmym:fsDn6SKiDdwsNMD2XExI3pm

Score

10^/10

njrat fucked by kev discovery persistence trojan

Malware Config

Extracted

Family

njrat

Version

<- NjRAT 0.7d Horror Edition ->

Botnet

fucked by kev

C2

japanese-cross.gl.at.ply.gg:16828

Mutex

ba504e39d49d09ba3f0b71067d651692

Attributes

reg_key
ba504e39d49d09ba3f0b71067d651692
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  Payload.exe
- Size
  
  55KB
- MD5
  
  29a02cd1fb2226905da5a34ac62595b9
- SHA1
  
  a0c85edb2b9decb53291485acd64f36dbf5a6999
- SHA256
  
  7aca902f9e7493dbf4f53a4cd3a4a9e5858eb825ef0141bf2e30150b416a070e
- SHA512
  
  2e3000bdf30fe332f2923563a5266ada0201473fa999382aeced2cbb09951179ed2e7278314b97e1852dc8e300cd182632481f508f65b4aa629beecdb14993b3
- SSDEEP
  
  1536:1KksDnHNwZ8Cam8LDdwsNMD2XExI3pmym:fsDn6SKiDdwsNMD2XExI3pm
Score

10^/10

njrat discovery persistence trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fucked by kev njrat

behavioral1

njratdiscoverypersistencetrojan